1. Home
    2. GlobalProtect
    3. GlobalProtect Administrator's Guide
    4. Authentication
    5. Set Up Client Certificate Authentication
    6. Deploy Shared Client Certificates for Authentication
    End-of-Life (EoL)

    Deploy Shared Client Certificates for Authentication

    To confirm that an endpoint user belongs to your organization, you can use the same client certificate for all endpoints or generate separate certificates to deploy with a particular agent configuration. Use this workflow to issue self-signed client certificates for this purpose and deploy them from the portal.
    1. Generate a certificate to deploy to multiple GlobalProtect clients.
      2. Select
        Device
        Certificate Management
        Certificates
        Device Certificates
         and then click
        Generate
        .
      3. Use the
        Local
         certificate type (the default).
      4. Enter a
        Certificate Name
        . This name cannot contain spaces.
      5. In the
        Common Name
         field enter a name to identify this certificate as an agent certificate, for example GP_Windows_clients. Because this same certificate will be deployed to all agents using the same configuration, it does not need to uniquely identify a specific user or endpoint.
      6. In the
        Signed By
         field, select your root CA.
      7. Select an
        OCSP Responder
         to verify the revocation status of certificates.
      8. Click
        OK
         to generate the certificate.
    2. Configure authentication settings in a GlobalProtect portal agent configuration to enable the portal to transparently deploy the client certificate that is
      Local
       to the firewall to clients that receive the configuration.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo